<?php 


include_once 'config.php';
include_once 'databaseconnection.php';

session_start();

$username= $_SESSION['username'];
$oldpassword = $_POST['password'];
$encryptedpassword=md5($oldpassword);
$newpassword = $_POST['newpassword'];
$confirmpassword = $_POST['confirmpassword'];
$result =mysql_query("SELECT Password FROM user WHERE Username='$username' and Password='$encryptedpassword'");
if(!$result) 
{ 
    echo "You entered an incorrect password. ";
} 
echo mysql_num_rows($result);
if(mysql_num_rows($result)){

    if($newpassword==$confirmpassword){
		$encriptednewpassword=md5($newpassword);
        $sql=mysql_query("UPDATE user SET Password='$encriptednewpassword' where Username='$username'");        
        if($sql) 
        { 
            echo "Congratulations! You have successfully changed your password. <a href=http://localhost/stms/pages/view1.php>Continue</a>"; 
        }
        else
        {
            // In case when problem while updating your new password
           echo "gkhkg";
        }       
    } else {
        // In case when new-password and retype-password do not match
        echo "The new password and confirm new password fields must be the same.";
    }
} else 
{
   
    echo "You . ";  
}

?>